Filtered by vendor Zohocorp
Subscribe
Total
418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2959 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2016-12-30 | 7.5 HIGH | N/A |
| Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role. | |||||
| CVE-2015-2960 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2016-12-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2961 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2016-12-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2015-4418 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2016-12-30 | 5.0 MEDIUM | N/A |
| Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | |||||
| CVE-2015-5149 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2016-12-07 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp. | |||||
| CVE-2015-5061 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2016-12-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | |||||
| CVE-2015-2169 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2016-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | |||||
| CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2015-10-09 | 9.0 HIGH | N/A |
| PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | |||||
| CVE-2015-7765 | 1 Zohocorp | 1 Manageengine Opmanager | 2015-10-09 | 9.0 HIGH | N/A |
| ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password. | |||||
| CVE-2014-2670 | 1 Zohocorp | 1 Manageengine Opstor | 2015-07-24 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. | |||||
| CVE-2014-0344 | 1 Zohocorp | 1 Manageengine Opstor | 2015-07-24 | 6.5 MEDIUM | N/A |
| Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. | |||||
| CVE-2015-5150 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2015-07-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp. | |||||
| CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2015-03-06 | 10.0 HIGH | N/A |
| The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |||||
| CVE-2015-1479 | 1 Zohocorp | 1 Servicedesk Plus | 2015-02-06 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. | |||||
| CVE-2014-6034 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2014-12-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. | |||||
| CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2014-12-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | |||||
| CVE-2012-5956 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2012-12-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. | |||||